tags:

views:

714

answers:

2
Q: 

Twitter update access with OAuth and DotNetOpenAuth

I'm trying to use OAuth with .NET (DotNetOpenAuth) to send updates to a Twitter account via a web application. I understand the basic workflow of OAuth and Twitter.

Where I'm confused if is it useful in a server web application? I don't want any user interaction. But how it seems after an application start, the request token needs to be recreated and also an access token. This involves user interaction.

What is the correct workflow for my case? Storing the request token or access token in config file? Or the easist way, using HTTP basic authentication?

Thanks

+1  A: 

If I understand you correctly your application will not be interacting with Twitter on behalf of your users but will be acting as the Twitter account for your application.

In this case there are 2 main factors to consider.

1) Do you want "from API" attached to each status as will be if you use basic auth or your applications name will happen if you use OAuth. 2) Do you want to put in the extra effort to implement OAuth.

If you decide to go with OAuth you would store your apps consumer key/secret and the accounts access token in configuration just like you would store the accounts screenname/password.

abraham  2010-01-07 03:28:02
abraham, thanks. DotNetOpenAuth implements OAuth. This is done.So you tell me, that I need to store only the access token (beside key/secret to create the access token)? The request token I don't need anymore?Which lifetime has the access token?
EricSch  2010-01-07 11:12:40
The request token is just used in exchange for the access token. The access token is good until a user revokes authorization for your application.
abraham  2010-01-07 21:00:35
Thanks, I'm sorry. Only allowed one question to mark as accepted
EricSch  2010-01-08 01:10:08
+1  A: 

Your "request token needs to be recreated" phrase suggests you might be running into the problem where every time your user visits you need to re-authorize to Twitter, and perhaps you're looking for a way to access the user's Twitter account while he's not at your web site, and how can you do this when their token isn't fresh from being re-authorized. Is that right?

If so, the user isn't supposed to have to re-authorize Twitter every time they visit your site. The token is supposed to last a long time, which would also allow your site to access their Twitter account when they are not directly interacting with your web site. The problem may be that you haven't implemented the IConsumerTokenManager interface, but are instead using the default InMemoryTokenManager, which is for sample use only, since this memory-only token manager loses tokens every time the web app is restarted. Your own implementation of this simple interface should store and read the tokens out of some persistent storage such as a database.

Andrew Arnott  2010-01-07 10:45:30
Andrew, yes this was more or less my question. I have implemented the IConsumerManager, but not persistent.Could you tell me the lifetime of the tokens? For the request and access token? May I store them both indefinitely? Thanks
EricSch  2010-01-07 11:06:53
I don't know what the `IConsumerManager` is. Twitter doesn't expire access tokens automatically, so they work until the user revokes them. I'd store them indefinitely until they quit working. Request tokens usually have a very short lifetime, since they only need to live as long as it takes to send the user through the authorization process. I would remove them after no more than an hour.
Andrew Arnott  2010-01-07 14:53:28
Oh, just realized that by `IConsumerManager` you must have meant `IConsumerTokenManager`. :) Yes, so just make it persistent and that should solve your problem I think.
Andrew Arnott  2010-01-07 14:54:15
Andrew, and thanks for the great work on DotNetOpenAuth. Very useful.Now I'm trying to get around the "417 Expectation failed" with 'Expect100Continue'. Like here http://stackoverflow.com/questions/1186682/expectation-failed-when-trying-to-update-twitter-status
EricSch  2010-01-08 01:09:11
Try adding this to your code before your first OAuth call: `ServicePointManager.FindServicePoint("http://twitter.com").Expect100Continue = false`
Andrew Arnott  2010-01-08 06:15:34
@Andrew Arnott Your suggestion doesn't work. Need to use: ((HttpWebRequest)WebRequest.Create(GetUpdateEndpoint.Location)).ServicePoint.Expect100Continue = false;
EricSch  2010-01-20 23:48:00
Interesting... assuming GetUpdateEndpoint.Location starts with http://twitter.com, the two methods should be equivalent I thought. But I'm glad you found a way that works.
Andrew Arnott  2010-01-21 04:23:57

related questions

Having problems with Attributes and DotNetOpenID
Implementing multi-database, multi-provider authentication system...
WSS and OpenID
rpxnow vs dotnetopenid, What do you think ?
How do i moq this DotNetOpenAuth Response object?
RememberMe with DotNetOpenId in ASP.NET MVC
DotNetOpenId ClaimedIdentifier - Is it safe to hard-code this?
DotNetOpenId -- "This message has already been processed" Error
Retrieve GMail data through DotNetOpenId
Can i request a MyOpenId persona's Avatar with dotNetOpenId?
How can i set Policy Url programmatically?
DotNetOpenID Programmatic Login
Problem installing OpenID on ASP.NET MVC Site
How can I change the ReturnUrl for OpenID?
Request email address from OpenID provider
Limited Use OpenID
Get FriendlyIdentifierForDisplay from ClaimedIdentifier in dotNetOpenId
Logging in to an OpenID site from a .net app
What is a good openid selector control?
Specifying a proxy to use with DotNetOpenID
What's the secret to getting ClaimsResponse working with DotNetOpenId?
Can I use OpenId with the ASP MembershipProvider?
How is OpenID implemented?
secure way to authenticate administrator in ASP.NET site using OpenID with DotNetOpenID
OpenID authentication in ASP.NET?